What does packet latency thresholding measure?

What does packet latency thresholding measure? A. the total elapsed time it takes to process a packet B. the amount of time it takes for a rule to process C.

A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?

A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type? A. port scan

Controlling simultaneous connections is a feature of which type of preprocessor?

Controlling simultaneous connections is a feature of which type of preprocessor? A. rate-based attack prevention B. detection enhancement C. TCP and network layer preprocessors D. performance settings Correct Answer: A

Suppose an administrator is configuring an IPS policy and attempts to enable intrusion rules that require the operation of the TCP stream preprocessor, but the TCP stream preprocessor is turned off. Which statement is true in this situation?

Suppose an administrator is configuring an IPS policy and attempts to enable intrusion rules that require the operation of the TCP stream preprocessor, but the TCP stream preprocessor is turned

Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?

Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring? A. the rule group accordion

Which statement represents detection capabilities of the HTTP preprocessor?

Which statement represents detection capabilities of the HTTP preprocessor? A. You can configure it to blacklist known bad web servers. B. You can configure it to normalize cookies in HTTP

Which option is a remediation module that comes with the Sourcefire System?

Which option is a remediation module that comes with the Sourcefire System? A. Cisco IOS Null Route B. Syslog Route C. Nmap Route Scan D. Response Group Correct Answer: A

Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations?

Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations? A. logging to database, SMS, SMTP, and SNMP B.

Which statement is true when network traffic meets the criteria specified in a correlation rule?

Which statement is true when network traffic meets the criteria specified in a correlation rule? A. Nothing happens, because you cannot assign a group of rules to a correlation policy.

What does the whitelist attribute value “not evaluated” indicate?

What does the whitelist attribute value “not evaluated” indicate? A. The host is not a target of the whitelist. B. The host could not be evaluated because no profile exists

Which option is a valid whitelist evaluation value?

Which option is a valid whitelist evaluation value? A. pending B. violation C. semi-compliant D. not-evaluated Correct Answer: D

Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?

Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule? A. testing password strength when accessing an

Which interface type allows for VLAN tagging?

Which interface type allows for VLAN tagging? A. inline B. switched C. high-availability link D. passive Correct Answer: B

Which interface type allows for bypass mode?

Which interface type allows for bypass mode? A. inline B. switched C. routed D. grouped Correct Answer: A

Stacking allows a primary device to utilize which resources of secondary devices?

Stacking allows a primary device to utilize which resources of secondary devices? A. interfaces, CPUs, and memory B. CPUs and memory C. interfaces, CPUs, memory, and storage D. interfaces and

Which Sourcefire feature allows you to send traffic directly through the device without inspecting it?

Which Sourcefire feature allows you to send traffic directly through the device without inspecting it? A. fast-path rules B. thresholds or suppressions C. blacklist D. automatic application bypass Correct Answer:

Which statement is true concerning static NAT?

Which statement is true concerning static NAT? A. Static NAT supports only TCP traffic. B. Static NAT is normally deployed for outbound traffic only. C. Static NAT provides a one-to-one

The gateway VPN feature supports which deployment types?

The gateway VPN feature supports which deployment types? A. SSL and HTTPS B. PPTP and MPLS C. client and route-based D. point-to-point, star, and mesh Correct Answer: D

Which mechanism should be used to write an IPS rule that focuses on the client or server side of a TCP communication?

Which mechanism should be used to write an IPS rule that focuses on the client or server side of a TCP communication? A. the directional operator in the rule header

Which option describes the two basic components of Sourcefire Snort rules?

Which option describes the two basic components of Sourcefire Snort rules? A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine

Alert priority is established in which way?

Alert priority is established in which way? A. event classification B. priority.conf file C. host criticality selection D. through Context Explorer Correct Answer: A

When configuring an LDAP authentication object, which server type is available?

When configuring an LDAP authentication object, which server type is available? A. Microsoft Active Directory B. Yahoo C. Oracle D. SMTP Correct Answer: A

Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?

Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access? A. Administrator B. Intrusion Administrator C. Maintenance User D.

Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access? A. Administrator B. Intrusion Administrator C. Security Analyst

Which statement describes the meaning of a red health status icon?

Which statement describes the meaning of a red health status icon? A. A critical threshold has been exceeded. B. At least one health module has failed. C. A health policy

The collection of health modules and their settings is known as which option?

The collection of health modules and their settings is known as which option? A. appliance policy B. system policy C. correlation policy D. health policy Correct Answer: D

Where do you configure widget properties?

Where do you configure widget properties? A. dashboard properties B. the Widget Properties button in the title bar of each widget C. the Local Configuration page D. Context Explorer Correct

Which event source can have a default workflow configured?

Which event source can have a default workflow configured? A. user events B. discovery events C. server events D. connection events Correct Answer: B

Remote access to the Defense Center database has which characteristic?

Remote access to the Defense Center database has which characteristic? A. read/write B. read-only C. Postgres D. Estreamer Correct Answer: B

Which statement regarding user exemptions is true?

Which statement regarding user exemptions is true? A. Non-administrators can be made exempt on an individual basis. B. Exempt users have a browser session timeout restriction of 24 hours. C.

What is the maximum timeout value for a browser session?

What is the maximum timeout value for a browser session? A. 60 minutes B. 120 minutes C. 1024 minutes D. 1440 minutes Correct Answer: D

Which policy controls malware blocking configuration?

Which policy controls malware blocking configuration? A. file policy B. malware policy C. access control policy D. IPS policy Correct Answer: A

Which statement is true regarding malware blocking over HTTP?

Which statement is true regarding malware blocking over HTTP? A. It can be done only in the download direction. B. It can be done only in the upload direction. C.

Which option describes Spero file analysis?

Which option describes Spero file analysis? A. a method of analyzing the SHA-256 hash of a file to determine whether a file is malicious or not B. a method of

A context box opens when you click on an event icon in the Network File Trajectory map for a file. Which option is an element of the box?

A context box opens when you click on an event icon in the Network File Trajectory map for a file. Which option is an element of the box? A. Scan

Which option can you enter in the Search text box to look for the trajectory of a particular file?

Which option can you enter in the Search text box to look for the trajectory of a particular file? A. the MD5 hash value of the file B. the SHA-256

Other than navigating to the Network File Trajectory page for a file, which option is an alternative way of accessing the network trajectory of a file?

Other than navigating to the Network File Trajectory page for a file, which option is an alternative way of accessing the network trajectory of a file? A. from Context Explorer

A user discovery agent can be installed on which platform?

A user discovery agent can be installed on which platform? A. OpenLDAP B. Windows C. RADIUS D. Ubuntu Correct Answer: B

In addition to the discovery of new hosts, FireSIGHT can also perform which function?

In addition to the discovery of new hosts, FireSIGHT can also perform which function? A. block traffic B. determine which users are involved in monitored connections C. discover information about

The IP address ::/0 is equivalent to which IPv4 address and netmask?

The IP address ::/0 is equivalent to which IPv4 address and netmask? A. 0.0.0.0 B. 0.0.0.0/0 C. 0.0.0.0/24 D. The IP address ::/0 is not valid IPv6 syntax. Correct Answer: B

Which option is derived from the discovery component of FireSIGHT technology?

Which option is derived from the discovery component of FireSIGHT technology? A. connection event table view B. network profile C. host profile D. authentication objects Correct Answer: C

When configuring FireSIGHT detection, an administrator would create a network discovery policy and set the action to “discover”. Which option is a possible type of discovery?

When configuring FireSIGHT detection, an administrator would create a network discovery policy and set the action to “discover”. Which option is a possible type of discovery? A. host B. IPS

FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?

FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types? A. protocol layer B. application C.

Host criticality is an example of which option?

Host criticality is an example of which option? A. a default whitelist B. a default traffic profile C. a host attribute D. a correlation policy Correct Answer: C

FireSIGHT recommendations appear in which layer of the Policy Layers page?

FireSIGHT recommendations appear in which layer of the Policy Layers page? A. Layer Summary B. User Layers C. Built-In Layers D. FireSIGHT recommendations do not show up as a layer.

Which option is used to implement suppression in the Rule Management user interface?

Which option is used to implement suppression in the Rule Management user interface? A. Rule Category B. Global C. Source D. Protocol Correct Answer: C

When you are editing an intrusion policy, how do you know that you have changes?

When you are editing an intrusion policy, how do you know that you have changes? A. The Commit Changes button is enabled. B. A system message notifies you. C. You

Which option is true of the Packet Information portion of the Packet View screen?

Which option is true of the Packet Information portion of the Packet View screen? A. provides a table view of events B. allows you to download a PCAP formatted file

Which option is not a characteristic of dashboard widgets or Context Explorer?

Which option is not a characteristic of dashboard widgets or Context Explorer? A. Context Explorer is a tool used primarily by analysts looking for trends across varying periods of time.

One of the goals of geolocation is to identify which option?

One of the goals of geolocation is to identify which option? A. the location of any IP address B. the location of a MAC address C. the location of a